package com.example.backend.config;


import com.example.backend.security.JwtAuthentication;
import com.example.backend.security.custom.CustomAuthenticationProvider;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableMethodSecurity
public class SecurityConfig {

    private final CustomAuthenticationProvider customAuthenticationProvider;
    private final UserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;
    private final JwtAuthentication jwtAuthentication;

    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);

        // 添加自定义 Provider
        authenticationManagerBuilder.authenticationProvider(customAuthenticationProvider);

        // 添加 DaoAuthenticationProvider 用于处理 UsernamePasswordAuthenticationToken
        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        daoProvider.setUserDetailsService(userDetailsService);
        daoProvider.setPasswordEncoder(passwordEncoder);
        authenticationManagerBuilder.authenticationProvider(daoProvider);

        return authenticationManagerBuilder.build();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeHttpRequests(auth -> auth
                                .antMatchers("/api/v1/user/login", "/api/v1/user/register").permitAll()
                                // 开放 Knife4j/Swagger 资源
                                .antMatchers("/doc.html", "/doc.html/**").permitAll()
                                .antMatchers("/v2/api-docs/**").permitAll()
                                .antMatchers("/swagger-resources/**").permitAll()
                                .antMatchers("/webjars/**").permitAll()
                                .antMatchers("/swagger-ui.html/**").permitAll()
//                        .antMatchers("/**").permitAll()
                                .anyRequest().authenticated()
                ).oauth2Login();

        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilterBefore(jwtAuthentication, UsernamePasswordAuthenticationFilter.class);
//                .logout(logout -> logout.logoutSuccessHandler(logoutStatusSuccessHandler))
        return http.build();
    }

    @Bean
    public SecurityFilterChain loginFilterChain(HttpSecurity http) throws Exception {

        return http.build();
    }
}
